AI Research
Using AI to identify cybercrime masterminds – Sophos News
Online criminal forums, both on the public internet and on the “dark web” of Tor .onion sites, are a rich resource for threat intelligence researchers. The Sophos Counter Threat Unit (CTU) have a team of darkweb researchers collecting intelligence and interacting with darkweb forums, but combing through these posts is a time-consuming and resource-intensive task, and it’s always possible that things are missed.
As we strive to make better use of AI and data analysis, Sophos AI researcher Francois Labreche, working with Estelle Ruellan of Flare and the Université de Montréal and Masarah Paquet-Clouston of the Université de Montréal, set out to see if they could approach the problem of identifying key actors on the dark web in a more automated way. Their work, originally presented at the 2024 APWG Symposium on Electronic Crime Research, has recently been published as a paper.
The approach
The research team combined a modification of a framework developed by criminologists Martin Bouchard and Holly Nguyen to separate professional criminals from amateurs in an analysis of the criminal cannabis industry with social-network analysis. With this, they were able to connect accounts posting in forums to exploits of recent Common Vulnerabilities and Exposures (CVEs), either based upon the naming of the CVE or by matching the post to the CVEs’ corresponding Common Attack Pattern Enumerations and Classifications (CAPECs) defined by MITRE.
Using the Flare threat research search engine, they gathered 11,558 posts by 4,441 individuals from between January 2015 and July 2023 on 124 different e-crime forums. The posts mentioned 6,232 different CVEs. The researchers used the data to create a bimodal social network that connected CAPECs to individual actors based on the contents of the actors’ posts. In this initial stage, they focused the dataset down to eliminate, for instance, CVEs that have no assigned CAPECs, and overly general attack methods that many threat actors use (and the posters who only discussed those general-purpose CVEs). Filtering such as this ultimately whittled the dataset down to 2,321 actors and 263 CAPECs.
The research team then used the Leiden community detection algorithm to cluster the actors into communities (“Communities of Interest”) with a shared interest in particular attack patterns. At this stage, eight communities stood out as relatively distinct. On average, individual actors were connected to 13 different CAPECs, while CAPECs were linked with 118 actors.
Figure 1: Bimodal actor-CAPEC networks, colored according to Communities of Interest; the CAPECs are shown in red for clarity
Pinpointing the key actors
Next, key actors were identified based on the expertise they exhibited in each community. Three factors were used to measure level of expertise:
1) Skill Level: This was based on the measurement of skill required to use a CAPEC, as assessed by MITRE: ‘Low,’ ‘Medium,’ or ‘High,’ using the highest skill level among all the scenarios related to the attack pattern, to prevent underestimating actors’ skills. This was done for every CAPEC associated with the actor. To establish a representative skill level, the researchers used the 70th percentile value from each actor’s list of CAPECs and their associated skill levels. (For example, if John Doe discussed 8 CVEs that MITRE maps to 10 CAPECs – 5 rated High by MITRE, 4 rated Medium, and one rated Low – his representative skill level would be considered High.) Choosing this percentile value ensured that only actors with over 30 percent of their values equivalent to “High” would be classified as actually highly skilled.
OVERALL DISTRIBUTION OF SKILL LEVEL VALUES
| Skill Level Value | CAPECs | % of Skill Level Values among all values in actors’ list |
| Low | 118 (44.87%) | 57.71% |
| Medium | 66 (25.09%) | 24.14% |
| High | 79 (30.04%) | 18.14% |
SKILL LEVEL VALUES PROPORTION STATISTICS
| Skill Level Value | Average proportion of members in the list of actors |
Median | 75th percentile | Std |
| High | 29.07% | 23.08% | 50.00% | 30.76% |
| Medium | 36.12% | 30.77% | 50.00% | 32.41% |
| Low | 33.74% | 33.33% | 66.66% | 31.72% |
Figure 2: A breakdown of the skill-level assessments of the actors analyzed in the research
2) Commitment Level: This was quantified by the proportion of ‘in-interest’ posts (posts relating to a set of related CAPECs based on similar Communities of Interest) relative to an actor’s total posts. Actors who had three or fewer posts were disregarded, reducing the set to be evaluated to 359 actors.
3) Activity Rate: The researchers added this element to the Bouchard/Nguyen framework to quantify each actor’s activity level in forums. It was measured by dividing the number of posts with a CVE and corresponding CAPEC by the number of days of the actor’s activity on the relevant forums. Activity rate actually turns out to be inverse to the skill level at which threat actors operate. More highly skilled actors have been on the forums for a long time, so their relative activity rate is much lower, despite having significant numbers of posts.
DESCRIPTIVE STATISTICS OF SAMPLE
|
Figure 3: A breakdown of the skill, commitment, and activity rate scores for the sample group
As shown above, the sample for the identification of key actors consisted of 359 actors. The average actor had 36.68% of posts committed to their Community of Interest and had a skill level of 2.19 (‘Medium’). The average activity rate was 0.72.
COMMUNITIES OF INTEREST (COI) OVERVIEW
|
Figure 4. The relative scores of actors grouped into each Community of Interest
14 needles in a haystack
Finally, to identify the truly key actors — those with high enough skill level and commitment and activity rate to identify them as experts in their domains — the researchers used the K-means clustering algorithm. Using the three measurements created for each actor’s relationship with CAPECs, the 359 actors were clustered into eight clusters with similar levels of all three measurements.
OVERVIEW OF CLUSTERS
|
Figure 5: An analysis of the eight clusters with scoring based on the methodology from the framework developed from the work of criminologists Martin Bouchard and Holly Nguyen; as described above, activity rate was added as a modification to that framework. Note the low number of truly professional actors, even among the dataset of 359
One cluster of 14 actors was graded as “Professionals” — key individuals; the best in their field; with high skill and commitment and low activity rate, again because of the length of their involvement with the forums (an average of 159 days) and a post rate that averaged about one post every 3-4 days. They focused on very specific communities of interest and did not post much beyond them, with a commitment level of 90.37%. There are inherent limitations to the analysis approach in this research— primarily because of the reliance on MITRE’s CAPEC and CVE mapping and the skill levels assigned by MITRE.
Conclusion
The research process includes defining problems and seeing how various structured approaches might lead to greater insight. Derivatives of the approach described in this research could be used by threat intelligence teams to develop a less biased approach to identifying e-crime masterminds, and Sophos CTU will now start looking at the outputs of this data to see if it can shape or improve our existing human-led research in this area.
Technology Reporter
AstrolightI’m led through a series of concrete corridors at Vilnius University, Lithuania; the murals give a Soviet-era vibe, and it seems an unlikely location for a high-tech lab working on a laser communication system.
But that’s where you’ll find the headquarters of Astrolight, a six-year-old Lithuanian space-tech start-up that has just raised €2.8m ($2.3m; £2.4m) to build what it calls an “optical data highway”.
You could think of the tech as invisible internet cables, designed to link up satellites with Earth.
With 70,000 satellites expected to launch in the next five years, it’s a market with a lot of potential.
The company hopes to be part of a shift from traditional radio frequency-based communication, to faster, more secure and higher-bandwidth laser technology.
Astrolight’s space laser technology could have defence applications as well, which is timely given Russia’s current aggressive attitude towards its neighbours.
Astrolight is already part of Nato’s Diana project (Defence Innovation Accelerator for the North Atlantic), an incubator, set up in 2023 to apply civilian technology to defence challenges.
In Astrolight’s case, Nato is keen to leverage its fast, hack-proof laser communications to transmit crucial intelligence in defence operations – something the Lithuanian Navy is already doing.
It approached Astrolight three years ago looking for a laser that would allow ships to communicate during radio silence.
“So we said, ‘all right – we know how to do it for space. It looks like we can do it also for terrestrial applications’,” recalls Astrolight co-founder and CEO Laurynas Maciulis, who’s based in Lithuania’s capital, Vilnius.
For the military his company’s tech is attractive, as the laser system is difficult to intercept or jam.
It’s also about “low detectability”, Mr Maciulis adds:
“If you turn on your radio transmitter in Ukraine, you’re immediately becoming a target, because it’s easy to track. So with this technology, because the information travels in a very narrow laser beam, it’s very difficult to detect.”
AstrolightWorth about £2.5bn, Lithuania’s defence budget is small when you compare it to larger countries like the UK, which spends around £54bn a year.
But if you look at defence spending as a percentage of GDP, then Lithuania is spending more than many bigger countries.
Around 3% of its GDP is spent on defence, and that’s set to rise to 5.5%. By comparison, UK defence spending is worth 2.5% of GDP.
Recognised for its strength in niche technologies like Astrolight’s lasers, 30% of Lithuania’s space projects have received EU funding, compared with the EU national average of 17%.
“Space technology is rapidly becoming an increasingly integrated element of Lithuania’s broader defence and resilience strategy,” says Invest Lithuania’s Šarūnas Genys, who is the body’s head of manufacturing sector, and defence sector expert.
Space tech can often have civilian and military uses.
Mr Genys gives the example of Lithuanian life sciences firm Delta Biosciences, which is preparing a mission to the International Space Station to test radiation-resistant medical compounds.
“While developed for spaceflight, these innovations could also support special operations forces operating in high-radiation environments,” he says.
He adds that Vilnius-based Kongsberg NanoAvionics has secured a major contract to manufacture hundreds of satellites.
“While primarily commercial, such infrastructure has inherent dual-use potential supporting encrypted communications and real-time intelligence, surveillance, and reconnaissance across NATO’s eastern flank,” says Mr Genys.
BlackSwan SpaceGoing hand in hand with Astrolight’s laser technology is the autonomous satellite navigation system fellow Lithuanian space-tech start-up Blackswan Space has developed.
Blackswan Space’s “vision based navigation system” allows satellites to be programmed and repositioned independently of a human based at a ground control centre who, its founders say, won’t be able to keep up with the sheer volume of satellites launching in the coming years.
In a defence environment, the same technology can be used to remotely destroy an enemy satellite, as well as to train soldiers by creating battle simulations.
But the sales pitch to the Lithuanian military hasn’t necessarily been straightforward, acknowledges Tomas Malinauskas, Blackswan Space’s chief commercial officer.
He’s also concerned that government funding for the sector isn’t matching the level of innovation coming out of it.
He points out that instead of spending $300m on a US-made drone, the government could invest in a constellation of small satellites.
“Build your own capability for communication and intelligence gathering of enemy countries, rather than a drone that is going to be shot down in the first two hours of a conflict,” argues Mr Malinauskas, also based in Vilnius.
“It would be a big boost for our small space community, but as well, it would be a long-term, sustainable value-add for the future of the Lithuanian military.”
Space Hub LTEglė Elena Šataitė is the head of Space Hub LT, a Vilnius-based agency supporting space companies as part of Lithuania’s government-funded Innovation Agency.
“Our government is, of course, aware of the reality of where we live, and that we have to invest more in security and defence – and we have to admit that space technologies are the ones that are enabling defence technologies,” says Ms Šataitė.
The country’s Minister for Economy and Innovation, Lukas Savickas, says he understands Mr Malinauskas’ concern and is looking at government spending on developing space tech.
“Space technology is one of the highest added-value creating sectors, as it is known for its horizontality; many space-based solutions go in line with biotech, AI, new materials, optics, ICT and other fields of innovation,” says Mr Savickas.
Whatever happens with government funding, the Lithuanian appetite for innovation remains strong.
“We always have to prove to others that we belong on the global stage,” says Dominykas Milasius, co-founder of Delta Biosciences.
“And everything we do is also geopolitical… we have to build up critical value offerings, sciences and other critical technologies, to make our allies understand that it’s probably good to protect Lithuania.”
Artificial intelligence is the skill set that employers increasingly want from future hires. Find out how b-schools are equipping students to use AI
Business students are already seeing AI’s value. More than three-quarters of business schools have already integrated AI into their curricula—from essay writing to personal tutoring, career guidance to soft-skill development.
BusinessBecause hears from current business students about how AI is reshaping the business school learning experience.
The benefits and drawbacks of using AI for essay writing
Many business school students are gaining firsthand experience of using AI to assist their academic work. At Rotterdam School of Management, Erasmus University in the Netherlands, students are required to use AI tools when submitting essays, alongside a log of their interactions.
“I was quite surprised when we were explicitly instructed to use AI for an assignment,” said Lara Harfner, who is studying International Business Administration (IBA) at RSM. “I liked the idea. But at the same time, I wondered what we would be graded on, since it was technically the AI generating the essay.”
Lara decided to approach this task as if she were writing the essay herself. She began by prompting the AI to brainstorm around the topic, research areas using academic studies and build an outline, before asking it to write a full draft.
However, during this process Lara encountered several problems. The AI-generated sources were either non-existent or inappropriate, and the tool had to be explicitly instructed on which concepts to focus on. It tended to be too broad, touching on many ideas without thoroughly analyzing any of them.
“In the end, I felt noticeably less connected to the content,” Lara says. “It didn’t feel like I was the actual author, which made me feel less responsible for the essay, even though it was still my name on the assignment.”
Despite the result sounding more polished, Lara thought she could have produced a better essay on her own with minimal AI support. What’s more, the grades she received on the AI-related assignments were below her usual average. “To me, that shows that AI is a great support tool, but it can’t produce high-quality academic work on its own.”
AI-concerned employers who took part in the Corporate Recruiters Survey echo this finding, stating that they would rather GME graduates use AI as a strategic partner in learning and strategy, than as a source for more and faster content.
How business students use AI as a personal tutor
Daniel Carvalho, a Global Online MBA student, also frequently uses AI in his academic assignments, something encouraged by his professors at Porto Business School (PBS).
However, Daniel treats AI as a personal tutor, asking it to explain complex topics in simple terms and deepen the explanation. On top of this, he uses it for brainstorming ideas, summarizing case studies, drafting presentations and exploring different points of view.
“My MBA experience has shown me how AI, when used thoughtfully, can significantly boost productivity and effectiveness,” he says.
Perhaps one of the most interesting ways Daniel uses AI is by turning course material into a personal podcast. “I convert text-based materials into audio using text-to-speech tools, and create podcast-style recaps to review content in a more conversational and engaging way. This allows me to listen to the materials on the go—in the car or at the gym.”
While studying his financial management course, Daniel even built a custom GPT using course materials. Much like a personal tutor, it would ask him questions about the material, validate his understanding, and explain any questions he got wrong. “This helped reinforce my knowledge so effectively that I was able to correctly answer all multiple-choice questions in the final exam,” he explains.
Similarly, at Villanova School of Business in the US, Master of Science in Business Analytics and AI (MSBAi) students are building personalized AI bots with distinct personalities. Students embed reference materials into the bot which then shape how the bot responds to questions.
“The focus of the program is to apply these analytics and AI skills to improve business results and career outcomes,” says Nathan Coates, MSBAi faculty director at the school. “Employers are increasingly looking for knowledge and skills for leveraging GenAI within business processes. Students in our program learn how AI systems work, what their limitations are, and what they can do better than existing solutions.”
The common limitations of using AI for academic work
Kristiina Esop, who is studying a doctorate in Business Administration and Management at Estonian Business School, agrees that AI in education must always be used critically and with intention. She warns students should always be aware of AI’s limitations.
Kristiina currently uses AI tools to explore different scenarios, synthesize large volumes of information, and detect emerging debates—all of which are essential for her work both academically and professionally.
However, she cautions that AI tools are not 100% accurate. Kristiina once asked ChatGPT to map actors in circular economy governance, and it returned a neat, simplified diagram that ignored important aspects. “That felt like a red flag,” she says. “It reminded me that complexity can’t always be flattened into clean logic. If something feels too easy, too certain—that’s when it is probably time to ask better questions.”
To avoid this problem, Kristiina combines the tools with critical thinking and contextual reading, and connects the findings back to the core questions in her research. “I assess the relevance and depth of the sources carefully,” she says. “AI can widen the lens, but I still need to focus it myself.”
She believes such critical thinking when using AI is essential. “Knowing when to question AI-generated outputs, when to dig deeper, and when to disregard a suggestion entirely is what builds intellectual maturity and decision-making capacity,” she says.
This is also what Wharton management professor Ethan Mollick, author of Co Intelligence: Living and Working with AI and co-director of the Generative AI Lab believes. He says the best way to work with [generative AI] is to treat it like a person. “So you’re in this interesting trap,” he says. “Treat it like a person and you’re 90% of the way there. At the same time, you have to remember you are dealing with a software process.”
Hult International Business School, too, expects its students to use AI in a balanced way, encouraging them to think critically about when and how to use it. For example, Rafael Martínez Quiles, a Master’s in Business Analytics student at Hult, uses AI as a second set of eyes to review his thinking.
“I develop my logic from scratch, then use AI to catch potential issues or suggest improvements,” he explains. “This controlled, feedback-oriented approach strengthens both the final product and my own learning.”
At Hult, students engage with AI to solve complex, real-world challenges as part of the curriculum. “Practical business projects at Hult showed me that AI is only powerful when used with real understanding,” says Rafael. “It doesn’t replace creativity or business acumen, it supports it.”
As vice president of Hult’s AI Society, N-AIble, Rafael has seen this mindset in action. The society’s members explore AI ethically, using it to augment their work, not automate it. “These experiences have made me even more confident and excited about applying AI in the real world,” he says.
The AI learning tools students are using to improve understanding
In other business schools, AI is being used to offer faculty a second pair of hands. Nazarbayev University Graduate School of Business has recently introduced an ‘AI Jockey’. Appearing live on a second screen next to the lecturer’s slides, this AI tool acts as a second teacher, providing real-time clarifications, offering alternate examples, challenging assumptions, and deepening explanations.
“Students gain access to instant, tailored explanations that complement the lecture, enhancing understanding and engagement,” says Dr Tom Vinaimont, assistant professor of finance, Nazarbayev University Graduate School of Business, who uses the AI jockey in his teaching.
Rather than replacing the instructor, the AI enhances the learning experience by adding an interactive, AI-driven layer to traditional teaching, transforming learning into a more dynamic, responsive experience.
“The AI Jockey model encourages students to think critically about information, question the validity of AI outputs, and build essential AI literacy. It helps students not only keep pace with technological change but also prepares them to lead in an AI-integrated world by co-creating knowledge in real time,” says Dr Vinaimont.
How AI can be used to encourage critical thinking among students
So, if you’re looking to impress potential employers, learning to work with AI while a student is a good place to start. But simply using AI tools isn’t enough. You must think critically, solve problems creatively and be aware of AI’s limitations.
Most of all, you must be adaptable. GMAC’s new AI-powered tool, Advancery, helps you find graduate business programs tailored to your career goals, with AI-readiness in mind.
After all, working with AI is a skill in itself. And in 2025, it is a valuable one.
-
Funding & Business1 week agoKayak and Expedia race to build AI travel agents that turn social posts into itineraries
-
Jobs & Careers7 days ago
Mumbai-based Perplexity Alternative Has 60k+ Users Without Funding
-
Mergers & Acquisitions7 days ago
Donald Trump suggests US government review subsidies to Elon Musk’s companies
-
Funding & Business7 days ago
Rethinking Venture Capital’s Talent Pipeline
-
Jobs & Careers6 days ago
Why Agentic AI Isn’t Pure Hype (And What Skeptics Aren’t Seeing Yet)
-
Funding & Business4 days ago
Sakana AI’s TreeQuest: Deploy multi-model teams that outperform individual LLMs by 30%
-
Jobs & Careers7 days ago
Astrophel Aerospace Raises ₹6.84 Crore to Build Reusable Launch Vehicle
-
Jobs & Careers7 days ago
Telangana Launches TGDeX—India’s First State‑Led AI Public Infrastructure
-
Funding & Business1 week agoFrom chatbots to collaborators: How AI agents are reshaping enterprise work
-
Jobs & Careers4 days ago
Ilya Sutskever Takes Over as CEO of Safe Superintelligence After Daniel Gross’s Exit
